<!doctype html>



  


<html class="theme-next mist use-motion">
<head>
  <meta charset="UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"/>



<meta http-equiv="Cache-Control" content="no-transform" />
<meta http-equiv="Cache-Control" content="no-siteapp" />












  
  
  <link href="/vendors/fancybox/source/jquery.fancybox.css?v=2.1.5" rel="stylesheet" type="text/css" />




  
  
  
  

  
    
    
  

  

  

  

  

  
    
    
    <link href="//fonts.googleapis.com/css?family=Lato:300,300italic,400,400italic,700,700italic&subset=latin,latin-ext" rel="stylesheet" type="text/css">
  






<link href="/vendors/font-awesome/css/font-awesome.min.css?v=4.4.0" rel="stylesheet" type="text/css" />

<link href="/css/main.css?v=5.0.2" rel="stylesheet" type="text/css" />


  <meta name="keywords" content="Jhin" />








  <link rel="shortcut icon" type="image/x-icon" href="/favicon.ico?v=5.0.2" />






<meta name="description" content="一些重要的互联网资源参考:强烈建议通读一下Jerry Qu的关于https, http/2, nginx的blog, 这是我目前发现的在国内的技术文章中, 关于上述的几个知识点讲解的最为全面透彻的文章.">
<meta property="og:type" content="article">
<meta property="og:title" content="阿里云服务器 升级 HTTPS 指南">
<meta property="og:url" content="http://jhin.oschina.io/Linux/2017-03-21-阿里云服务器 升级 HTTPS 指南.html">
<meta property="og:site_name" content="Jhin">
<meta property="og:description" content="一些重要的互联网资源参考:强烈建议通读一下Jerry Qu的关于https, http/2, nginx的blog, 这是我目前发现的在国内的技术文章中, 关于上述的几个知识点讲解的最为全面透彻的文章.">
<meta property="og:image" content="http://static.zhuxiaodong.net/blog/static/images/ev-cert.png">
<meta property="og:image" content="http://static.zhuxiaodong.net/blog/static/images/startssl.png">
<meta property="og:image" content="http://static.zhuxiaodong.net/blog/static/images/wosign.png">
<meta property="og:image" content="http://static.zhuxiaodong.net/blog/static/images/aliyunssl.png">
<meta property="og:updated_time" content="2017-03-06T06:47:08.045Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="阿里云服务器 升级 HTTPS 指南">
<meta name="twitter:description" content="一些重要的互联网资源参考:强烈建议通读一下Jerry Qu的关于https, http/2, nginx的blog, 这是我目前发现的在国内的技术文章中, 关于上述的几个知识点讲解的最为全面透彻的文章.">
<meta name="twitter:image" content="http://static.zhuxiaodong.net/blog/static/images/ev-cert.png">



<script type="text/javascript" id="hexo.configuration">
  var NexT = window.NexT || {};
  var CONFIG = {
    scheme: 'Mist',
    sidebar: {"position":"left","display":"post"},
    fancybox: true,
    motion: true,
    duoshuo: {
      userId: '0',
      author: '博主'
    }
  };
</script>




  <link rel="canonical" href="http://jhin.oschina.io/Linux/2017-03-21-阿里云服务器 升级 HTTPS 指南.html"/>


  <title> 阿里云服务器 升级 HTTPS 指南 | Jhin </title>
</head>

<body itemscope itemtype="//schema.org/WebPage" lang="zh-Hans">

  










  
  
    
  

  <div class="container one-collumn sidebar-position-left page-post-detail ">
    <div class="headband"></div>

    <header id="header" class="header" itemscope itemtype="//schema.org/WPHeader">
      <div class="header-inner"><div class="site-meta custom-logo">
  

  <div class="custom-logo-site-title">
    <a href="/"  class="brand" rel="start">
      <span class="logo-line-before"><i></i></span>
      <span class="site-title">Jhin</span>
      <span class="logo-line-after"><i></i></span>
    </a>
  </div>
  <p class="site-subtitle">Jhin(ijhin@sina.com)</p>
</div>

<div class="site-nav-toggle">
  <button>
    <span class="btn-bar"></span>
    <span class="btn-bar"></span>
    <span class="btn-bar"></span>
  </button>
</div>

<nav class="site-nav">
  

  
    <ul id="menu" class="menu">
      
        
        <li class="menu-item menu-item-home">
          <a href="/" rel="section">
            
            首页
          </a>
        </li>
      
        
        <li class="menu-item menu-item-archives">
          <a href="/archives" rel="section">
            
            归档
          </a>
        </li>
      
        
        <li class="menu-item menu-item-thinkphp">
          <a href="/categories/ThinkPHP-DOC" rel="section">
            
            ThinkPHP
          </a>
        </li>
      
        
        <li class="menu-item menu-item-mysql">
          <a href="/categories/MySQL" rel="section">
            
            MySQL
          </a>
        </li>
      
        
        <li class="menu-item menu-item-php">
          <a href="/categories/PHP" rel="section">
            
            PHP
          </a>
        </li>
      
        
        <li class="menu-item menu-item-linux">
          <a href="/categories/Linux" rel="section">
            
            Linux
          </a>
        </li>
      
        
        <li class="menu-item menu-item-nginx">
          <a href="/categories/Nginx" rel="section">
            
            Nginx
          </a>
        </li>
      
        
        <li class="menu-item menu-item-html">
          <a href="/categories/HTML" rel="section">
            
            HTML5
          </a>
        </li>
      
        
        <li class="menu-item menu-item-javascript">
          <a href="/categories/JavaScript" rel="section">
            
            JavaScript
          </a>
        </li>
      
        
        <li class="menu-item menu-item-onex">
          <a href="/categories/ONEX" rel="section">
            
            ONEX
          </a>
        </li>
      
        
        <li class="menu-item menu-item-yii">
          <a href="/categories/Yii2" rel="section">
            
            Yii2
          </a>
        </li>
      
        
        <li class="menu-item menu-item-shopex">
          <a href="/categories/ShopEX" rel="section">
            
            ShopEX
          </a>
        </li>
      

      
    </ul>
  

  
</nav>

 </div>
    </header>

    <main id="main" class="main">
      <div class="main-inner">
        <div class="content-wrap">
          <div id="content" class="content">
            

  <div id="posts" class="posts-expand">
    

  
  

  
  
  

  <article class="post post-type-normal " itemscope itemtype="//schema.org/Article">

    
      <header class="post-header">

        
        
          <h1 class="post-title" itemprop="name headline">
            
            
              
                阿里云服务器 升级 HTTPS 指南
              
            
          </h1>
        

        <div class="post-meta">
          <span class="post-time">
            <span class="post-meta-item-icon">
              <i class="fa fa-calendar-o"></i>
            </span>
            <span class="post-meta-item-text">发表于</span>
            <time itemprop="dateCreated" datetime="2017-03-21T14:51:55+08:00" content="2017-03-21">
              2017-03-21
            </time>
          </span>

          
            <span class="post-category" >
              &nbsp; | &nbsp;
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
              
                <span itemprop="about" itemscope itemtype="https://schema.org/Thing">
                  <a href="/categories/Linux/" itemprop="url" rel="index">
                    <span itemprop="name">Linux</span>
                  </a>
                </span>

                
                

              
            </span>
          

          
            
          

          

          
          

          
        </div>
      </header>
    


    <div class="post-body" itemprop="articleBody">

      
      

      
        <h5 id="一些重要的互联网资源参考"><a href="#一些重要的互联网资源参考" class="headerlink" title="一些重要的互联网资源参考:"></a>一些重要的互联网资源参考:</h5><p>强烈建议通读一下Jerry Qu的关于https, http/2, nginx的blog, 这是我目前发现的在国内的技术文章中, 关于上述的几个知识点讲解的最为全面透彻的文章.</p>
<a id="more"></a>
<p>传送门: <a href="https://imququ.com/?spm=5176.100239.blogcont65199.15.HR7rZC" target="_blank" rel="external">https://imququ.com/</a></p>
<h5 id="为什么我们需要实现全站https"><a href="#为什么我们需要实现全站https" class="headerlink" title="为什么我们需要实现全站https?"></a>为什么我们需要实现全站https?</h5><p>目前主流大厂的网站和服务都已经实现了全站https, 例如: baidu, taobao, jd等.<br>关于这方面的好处和优势, 互联网上太多文章在进行介绍. 例如: <a href="https://imququ.com/post/moving-to-https-asap.html?spm=5176.100239.blogcont65199.16.HR7rZC" target="_blank" rel="external">为什么我们应该尽快升级到 HTTPS？</a><br>对于一般的创业型公司, 迫切需要实现全站https的理由: </p>
<ol>
<li><a href="http://techcrunch.cn/2016/06/17/apple-will-require-https-connections-for-ios-apps-by-the-end-of-2016/?spm=5176.100239.blogcont65199.17.HR7rZC" target="_blank" rel="external"><strong>苹果要求所有iOS应用在年底前默认使用HTTPS连接</strong></a></li>
<li><a href="https://mp.weixin.qq.com/debug/wxadoc/dev/api/network-request.html?spm=5176.100239.blogcont65199.18.HR7rZC&amp;t=20161122" target="_blank" rel="external"><strong>微信小程序的开发, 要求必须使用https通信</strong></a></li>
<li><a href="https://imququ.com/post/http2-resource.html?spm=5176.100239.blogcont65199.19.HR7rZC" target="_blank" rel="external"><strong>HTTP/2的支持</strong></a></li>
</ol>
<blockquote>
<p>HTTP2.0其实可以支持非HTTPS的，但是现在主流的浏览器chrome，firefox表示还是只支持基于TLS部署的HTTP2.0协议，所以要想升级成HTTP2.0还是先升级HTTPS为好.</p>
</blockquote>
<h5 id="升级之前的准备工作"><a href="#升级之前的准备工作" class="headerlink" title="升级之前的准备工作"></a>升级之前的准备工作</h5><h6 id="SSL的证书类型"><a href="#SSL的证书类型" class="headerlink" title="SSL的证书类型?"></a>SSL的证书类型?</h6><ul>
<li>DV (Domain Validation): 面向个体用户，安全体系相对较弱，验证方式就是向 whois 信息中的邮箱发送邮件，按照邮件内容进行验证即可通过.</li>
<li>OV (Organization Validation): 面向企业用户，证书在DV证书验证的基础上，还需要公司的授权，CA通过拨打信息库中公司的电话来确认.</li>
<li>EV (Extended Validation): 在浏览器URL地址栏当中，展示了注册公司的信息，这会让用户产生更大的信任，这类证书的申请除了以上两个确认外，还需要公司提供金融机构的开户许可证，要求十分严格.</li>
</ul>
<p><strong>需要强调的是，不论是 DV、OV 还是 EV 证书，其加密效果都是一样的！</strong></p>
<h6 id="重要的区别"><a href="#重要的区别" class="headerlink" title="重要的区别:"></a>重要的区别:</h6><ol>
<li>DV证书的审核速度较快, 由程序完成审核, 一般申请了之后马上就能够完成证书颁发; OV和EV证书审核较慢, 由人工审核, 一般需要数天的时间.</li>
<li>EV证书会在浏览器当中显示公司的信息, 通常被称为绿色地址栏, 以增加用户的信任感. 参考如下访问github时, chrome浏览器的显示方式:</li>
</ol>
<p><a href="http://static.zhuxiaodong.net/blog/static/images/ev-cert.png" target="_blank" rel="external"><img src="http://static.zhuxiaodong.net/blog/static/images/ev-cert.png" alt="EV证书示例"></a></p>
<ol>
<li>EV证书<strong>不支持单个泛域名(<em>.example.com)或者多个泛域名(</em>.example1.com, *.example2.com)</strong>, OV和DV证书则支持.</li>
</ol>
<p><strong>如何选择?</strong><br>通常的情况下, 一个处于初创阶段的互联网公司有多少个子系统是很难在前期就界定出来的. 因此, 如果能够无法明确规划出未来有多少个子系统, 需要使用多少个二级域名, 最好购买支持单个或者多个泛域名的证书. 至于是DV还是OV, 我个人觉得不是那么重要.</p>
<p><strong>一些经验总结:</strong><br>HTTPS网页中加载的HTTP资源被称之为<a href="https://imququ.com/post/sth-about-switch-to-https.html?spm=5176.100239.blogcont65199.21.HR7rZC#toc-0" target="_blank" rel="external">Mixed Content</a>, 不同的浏览器有不同的block http资源的策略, 因此最好提前整理出你的程序依赖的内部http资源, 和外部http资源(统计资源[GA, CNZZ, 百度统计], 第三方分享, 第三方地图服务等). 尤其是外部的http资源, 需要评估是否提供了https的服务.</p>
<h3 id="到哪里获取https证书"><a href="#到哪里获取https证书" class="headerlink" title="到哪里获取https证书?"></a>到哪里获取https证书?</h3><p><strong>免费资源:</strong></p>
<ul>
<li><a href="https://letsencrypt.org/?spm=5176.100239.blogcont65199.22.HR7rZC" target="_blank" rel="external">Let’s Encrypt</a>: 目前个人站点使用的非常普遍的证书.<br>特点/限制:<ul>
<li>如果你在使用云服务提供商的CDN或者负载均衡服务(例如阿里云的CDN或者SLB), Let’s Encrypt就不太适合了, 阿里云的CDN或者SLB要求在云平台上上传证书的公钥和私钥, 而Let’s Encrypt强制90天过期, 虽然我们可以通过自动化的方式renew证书, 但我目前还没有找到比较好的解决方案.</li>
<li>只支持单个域名.</li>
</ul>
</li>
<li><a href="https://common-buy.aliyun.com/?spm=5176.100239.blogcont65199.23.HR7rZC&amp;commodityCode=cas#/buy" target="_blank" rel="external">阿里云Symantec免费DV证书</a>:<br>特点/限制:<ul>
<li>赛门铁克-顶级证书颁发机构.</li>
<li>1年过期.</li>
<li>只支持单个域名.</li>
</ul>
</li>
<li><a href="http://www.qcloud.com/blog/?spm=5176.100239.blogcont65199.24.HR7rZC&amp;p=1237" target="_blank" rel="external">腾讯云GeoTrust免费DV证书</a>:<br>特点/限制:<ul>
<li>GeoTrust-顶级证书颁发机构.</li>
<li>1年过期.</li>
<li>只支持单个域名.</li>
</ul>
</li>
</ul>
<p><strong>强烈不推荐</strong>:</p>
<ol>
<li><p><a href="https://www.startssl.com/?spm=5176.100239.blogcont65199.25.HR7rZC" target="_blank" rel="external">StartSSL.com</a>: 详见官网的以下描述:<br><a href="http://static.zhuxiaodong.net/blog/static/images/startssl.png" target="_blank" rel="external"><img src="http://static.zhuxiaodong.net/blog/static/images/startssl.png" alt="startssl申明"></a></p>
</li>
<li><p><a href="https://www.wosign.com/?spm=5176.100239.blogcont65199.27.HR7rZC" target="_blank" rel="external">Wosign(沃通)</a>: <a href="https://program-think.blogspot.com/2016/09/About-WoSign.html?spm=5176.100239.blogcont65199.28.HR7rZC" target="_blank" rel="external">聊聊“沃通/WoSign”的那些破事儿</a> <a href="http://static.zhuxiaodong.net/blog/static/images/wosign.png" target="_blank" rel="external"><img src="http://static.zhuxiaodong.net/blog/static/images/wosign.png" alt="wosign"></a><a href="https://wiki.mozilla.org/CA:WoSign_Issues?spm=5176.100239.blogcont65199.30.HR7rZC" target="_blank" rel="external">Mozilla发布的wosign-issue</a> <a href="http://k.sina.cn/article_1772191555_69a17f430190016i6.html?spm=5176.100239.blogcont65199.31.HR7rZC&amp;vt=4" target="_blank" rel="external">新浪的报道</a></p>
</li>
</ol>
<blockquote>
<p>PS: </p>
<ol>
<li>阿里云在之前的一段时间也能够购买wosign的证书, 目前也已经下线了.</li>
<li>wosign的SEO做得不错, 搜索<strong>SSL证书</strong>, google和baidu都排在了第一页, 导致很多不明真相的群众被忽悠了.</li>
</ol>
</blockquote>
<p><strong>付费资源:</strong></p>
<ul>
<li><a href="https://common-buy.aliyun.com/?spm=5176.100239.blogcont65199.32.HR7rZC&amp;commodityCode=cas#/buy" target="_blank" rel="external">阿里云</a>: 提供了赛门铁克, GeoTrust, CFCA三个颁发的证书.</li>
</ul>
<blockquote>
<p>PS: 其它都没有用过, 就不推荐了.</p>
</blockquote>
<h3 id="最终我选了什么"><a href="#最终我选了什么" class="headerlink" title="最终我选了什么?"></a>最终我选了什么?</h3><p>阿里云上的GeoTrust DV SSL: 价格便宜, 支持泛域名, 颁发迅速(30 min之内), 最重要的是统一使用了阿里云进行管理.<br><a href="http://static.zhuxiaodong.net/blog/static/images/aliyunssl.png" target="_blank" rel="external"><img src="http://static.zhuxiaodong.net/blog/static/images/aliyunssl.png" alt="aliyunssl"></a></p>
<h6 id="购买证书"><a href="#购买证书" class="headerlink" title="购买证书"></a>购买证书</h6><p>进入 <strong>云盾控制台</strong>选择<strong>证书服务</strong></p>
<p>选择对应证书，<strong>补全</strong>   <strong>审核</strong>  </p>
<p>选择 DNS 或者 文件，我这里是选择DNS ,进入域名管理，解析 指定DNS </p>
<h6 id="下载"><a href="#下载" class="headerlink" title="下载"></a>下载</h6><p>下载对应证书，上传至服务器，这里使用的是 Nginx</p>
<p>如下</p>
<h4 id="安装证书"><a href="#安装证书" class="headerlink" title="安装证书"></a>安装证书</h4><h5 id="文件说明："><a href="#文件说明：" class="headerlink" title="文件说明："></a>文件说明：</h5><h5 id="1-证书文件214032814690541-pem，包含两段内容，请不要删除任何一段内容。"><a href="#1-证书文件214032814690541-pem，包含两段内容，请不要删除任何一段内容。" class="headerlink" title="1. 证书文件214032814690541.pem，包含两段内容，请不要删除任何一段内容。"></a>1. 证书文件214032814690541.pem，包含两段内容，请不要删除任何一段内容。</h5><h5 id="2-如果是证书系统创建的CSR，还包含：证书私钥文件214032814690541-key。"><a href="#2-如果是证书系统创建的CSR，还包含：证书私钥文件214032814690541-key。" class="headerlink" title="2. 如果是证书系统创建的CSR，还包含：证书私钥文件214032814690541.key。"></a>2. 如果是证书系统创建的CSR，还包含：证书私钥文件214032814690541.key。</h5><h5 id="1-在Nginx的安装目录下创建cert目录，并且将下载的全部文件拷贝到cert目录中。如果申请证书时是自己创建的CSR文件，请将对应的私钥文件放到cert目录下并且命名为214032814690541-key；"><a href="#1-在Nginx的安装目录下创建cert目录，并且将下载的全部文件拷贝到cert目录中。如果申请证书时是自己创建的CSR文件，请将对应的私钥文件放到cert目录下并且命名为214032814690541-key；" class="headerlink" title="( 1 ) 在Nginx的安装目录下创建cert目录，并且将下载的全部文件拷贝到cert目录中。如果申请证书时是自己创建的CSR文件，请将对应的私钥文件放到cert目录下并且命名为214032814690541.key；"></a>( 1 ) 在Nginx的安装目录下创建cert目录，并且将下载的全部文件拷贝到cert目录中。如果申请证书时是自己创建的CSR文件，请将对应的私钥文件放到cert目录下并且命名为214032814690541.key；</h5><h5 id="2-打开-Nginx-安装目录下-conf-目录中的-nginx-conf-文件，找到："><a href="#2-打开-Nginx-安装目录下-conf-目录中的-nginx-conf-文件，找到：" class="headerlink" title="( 2 ) 打开 Nginx 安装目录下 conf 目录中的 nginx.conf 文件，找到："></a>( 2 ) 打开 Nginx 安装目录下 conf 目录中的 nginx.conf 文件，找到：</h5><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div></pre></td><td class="code"><pre><div class="line"># HTTPS server</div><div class="line"># #server &#123;</div><div class="line"># listen 443;</div><div class="line"># server_name localhost;</div><div class="line"># ssl on;</div><div class="line"># ssl_certificate cert.pem;</div><div class="line"># ssl_certificate_key cert.key;</div><div class="line"># ssl_session_timeout 5m;</div><div class="line"># ssl_protocols SSLv2 SSLv3 TLSv1;</div><div class="line"># ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;</div><div class="line"># ssl_prefer_server_ciphers on;</div><div class="line"># location / &#123;</div><div class="line">#</div><div class="line">#</div><div class="line">#&#125;</div><div class="line">#&#125;</div></pre></td></tr></table></figure>
<h5 id="3-将其修改为-以下属性中ssl开头的属性与证书配置有直接关系，其它属性请结合自己的实际情况复制或调整"><a href="#3-将其修改为-以下属性中ssl开头的属性与证书配置有直接关系，其它属性请结合自己的实际情况复制或调整" class="headerlink" title="( 3 ) 将其修改为 (以下属性中ssl开头的属性与证书配置有直接关系，其它属性请结合自己的实际情况复制或调整) :"></a>( 3 ) 将其修改为 (以下属性中ssl开头的属性与证书配置有直接关系，其它属性请结合自己的实际情况复制或调整) :</h5><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div></pre></td><td class="code"><pre><div class="line">server &#123;</div><div class="line">    listen 443;</div><div class="line">    server_name localhost;</div><div class="line">    ssl on;</div><div class="line">    root html;</div><div class="line">    index index.html index.htm;</div><div class="line">    ssl_certificate   cert/214032814690541.pem;</div><div class="line">    ssl_certificate_key  cert/214032814690541.key;</div><div class="line">    ssl_session_timeout 5m;</div><div class="line">    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;</div><div class="line">    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;</div><div class="line">    ssl_prefer_server_ciphers on;</div><div class="line">    location / &#123;</div><div class="line">        root html;</div><div class="line">        index index.html index.htm;</div><div class="line">    &#125;</div><div class="line">&#125;</div></pre></td></tr></table></figure>
<p>保存退出。</p>
<h5 id="4-重启-Nginx。"><a href="#4-重启-Nginx。" class="headerlink" title="( 4 )重启 Nginx。"></a>( 4 )重启 Nginx。</h5><h5 id="5-通过-https-方式访问您的站点，测试站点证书的安装配置。如遇到证书不信任问题，请查看相关文档。"><a href="#5-通过-https-方式访问您的站点，测试站点证书的安装配置。如遇到证书不信任问题，请查看相关文档。" class="headerlink" title="( 5 ) 通过 https 方式访问您的站点，测试站点证书的安装配置。如遇到证书不信任问题，请查看相关文档。"></a>( 5 ) 通过 https 方式访问您的站点，测试站点证书的安装配置。如遇到证书不信任问题，请<a href="https://help.aliyun.com/knowledge_detail/48023.html" target="_blank" rel="external">查看相关文档</a>。</h5><p>可能遇到的问题：</p>
<p>nginx: [emerg] “server” directive is not allowed</p>
<p>查看 是否包含其他子配置文件</p>
<p>nginx: [emerg] “root” directive is duplicate</p>
<p>查看是否有重复字段</p>
<p>https 放到 server内,如下</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div><div class="line">38</div><div class="line">39</div><div class="line">40</div><div class="line">41</div><div class="line">42</div><div class="line">43</div><div class="line">44</div><div class="line">45</div><div class="line">46</div><div class="line">47</div><div class="line">48</div><div class="line">49</div><div class="line">50</div><div class="line">51</div><div class="line">52</div><div class="line">53</div><div class="line">54</div><div class="line">55</div><div class="line">56</div><div class="line">57</div><div class="line">58</div><div class="line">59</div><div class="line">60</div><div class="line">61</div><div class="line">62</div></pre></td><td class="code"><pre><div class="line">server &#123;</div><div class="line">		listen 80;</div><div class="line">		#listen 80 default;</div><div class="line">		index index.html index.htm index.php;</div><div class="line">		root  /data/www/bbc/public;</div><div class="line"></div><div class="line">		#error_page   404   /404.html;</div><div class="line">		location ~ [^/]\.php(/|$)</div><div class="line">			&#123;</div><div class="line">				# comment try_files $uri =404; to enable pathinfo</div><div class="line">				try_files $uri =404;</div><div class="line">				fastcgi_pass  127.0.0.1:9000;</div><div class="line">				#fastcgi_pass  unix:/tmp/php-cgi.sock;</div><div class="line">				fastcgi_index index.php;</div><div class="line">				include fastcgi.conf;</div><div class="line">				include pathinfo.conf;</div><div class="line">			&#125;</div><div class="line">		if ($request_uri ~ (.+?\.php)(/|.+)$ )&#123;  </div><div class="line">		#if ($request_uri ~ (.+?\.php)(|/.+)$ )&#123;  </div><div class="line">		               break;  </div><div class="line">		&#125; </div><div class="line"></div><div class="line">		if (!-e $request_filename) &#123;  </div><div class="line">		     rewrite ^/(.*)$ /index.php/$1 last;  </div><div class="line">		     #rewrite ^/(.*)$ /index.php;  </div><div class="line">		&#125;</div><div class="line"></div><div class="line">		location /nginx_status &#123;</div><div class="line">			stub_status on;</div><div class="line">			access_log   off;</div><div class="line">		&#125;</div><div class="line"></div><div class="line">		location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$</div><div class="line">			&#123;</div><div class="line">				expires      30d;</div><div class="line">			&#125;</div><div class="line"></div><div class="line">		location ~ .*\.(js|css)?$</div><div class="line">			&#123;</div><div class="line">				expires      12h;</div><div class="line">			&#125;</div><div class="line"></div><div class="line">		#access_log  /home/wwwlogs/access.log  access;</div><div class="line"></div><div class="line">		#https</div><div class="line"></div><div class="line">	    listen 443;</div><div class="line">	    server_name localhost;</div><div class="line">	    ssl on;</div><div class="line">	    #root html;</div><div class="line">	    index index.html index.htm;</div><div class="line">	    ssl_certificate   cert/214032814690541.pem;</div><div class="line">	    ssl_certificate_key  cert/214032814690541.key;</div><div class="line">	    ssl_session_timeout 5m;</div><div class="line">	    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;</div><div class="line">	    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;</div><div class="line">	    ssl_prefer_server_ciphers on;</div><div class="line">	    location / &#123;</div><div class="line">	        root html;</div><div class="line">	        index index.html index.htm;</div><div class="line">	    &#125;</div><div class="line">&#125;</div></pre></td></tr></table></figure>
<h4 id="兼容-http-https"><a href="#兼容-http-https" class="headerlink" title="兼容 http https"></a>兼容 http https</h4><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line"># https</div><div class="line">listen 443 ssl;</div><div class="line">server_name localhost;</div><div class="line">#ssl on;</div></pre></td></tr></table></figure>

      
    </div>

    <div>
      
        

      
    </div>

    <div>
      
        

      
    </div>

    <footer class="post-footer">
      

      
        <div class="post-nav">
          <div class="post-nav-next post-nav-item">
            
              <a href="/uncategorized/2016-10-21-hello-world.html" rel="next" title="Hello World">
                <i class="fa fa-chevron-left"></i> Hello World
              </a>
            
          </div>

          <div class="post-nav-prev post-nav-item">
            
          </div>
        </div>
      

      
      
    </footer>
  </article>



    <div class="post-spread">
      
    </div>
  </div>


          </div>
          


          
  <div class="comments" id="comments">
    
  </div>


        </div>
        
          
  
  <div class="sidebar-toggle">
    <div class="sidebar-toggle-line-wrap">
      <span class="sidebar-toggle-line sidebar-toggle-line-first"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-middle"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-last"></span>
    </div>
  </div>

  <aside id="sidebar" class="sidebar">
    <div class="sidebar-inner">

      

      
        <ul class="sidebar-nav motion-element">
          <li class="sidebar-nav-toc sidebar-nav-active" data-target="post-toc-wrap" >
            文章目录
          </li>
          <li class="sidebar-nav-overview" data-target="site-overview">
            站点概览
          </li>
        </ul>
      

      <section class="site-overview sidebar-panel ">
        <div class="site-author motion-element" itemprop="author" itemscope itemtype="//schema.org/Person">
          <img class="site-author-image" itemprop="image"
               src="/images/avatar.gif"
               alt="Jhin" />
          <p class="site-author-name" itemprop="name">Jhin</p>
          <p class="site-description motion-element" itemprop="description">Jhin 开发文档小结</p>
        </div>
        <nav class="site-state motion-element">
          <div class="site-state-item site-state-posts">
            <a href="/archives">
              <span class="site-state-item-count">22</span>
              <span class="site-state-item-name">日志</span>
            </a>
          </div>

          
            <div class="site-state-item site-state-categories">
              
                <span class="site-state-item-count">3</span>
                <span class="site-state-item-name">分类</span>
              
            </div>
          

          

        </nav>

        

        <div class="links-of-author motion-element">
          
        </div>

        
        

        
        

      </section>

      
        <section class="post-toc-wrap motion-element sidebar-panel sidebar-panel-active">
          <div class="post-toc">
            
              
            
            
              <div class="post-toc-content"><ol class="nav"><li class="nav-item nav-level-5"><a class="nav-link" href="#一些重要的互联网资源参考"><span class="nav-number">1.</span> <span class="nav-text">一些重要的互联网资源参考:</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#为什么我们需要实现全站https"><span class="nav-number">2.</span> <span class="nav-text">为什么我们需要实现全站https?</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#升级之前的准备工作"><span class="nav-number">3.</span> <span class="nav-text">升级之前的准备工作</span></a><ol class="nav-child"><li class="nav-item nav-level-6"><a class="nav-link" href="#SSL的证书类型"><span class="nav-number">3.1.</span> <span class="nav-text">SSL的证书类型?</span></a></li><li class="nav-item nav-level-6"><a class="nav-link" href="#重要的区别"><span class="nav-number">3.2.</span> <span class="nav-text">重要的区别:</span></a></li></ol></li></ol></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#到哪里获取https证书"><span class="nav-number"></span> <span class="nav-text">到哪里获取https证书?</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#最终我选了什么"><span class="nav-number"></span> <span class="nav-text">最终我选了什么?</span></a><ol class="nav-child"><li class="nav-item nav-level-6"><a class="nav-link" href="#购买证书"><span class="nav-number">0.1.</span> <span class="nav-text">购买证书</span></a></li><li class="nav-item nav-level-6"><a class="nav-link" href="#下载"><span class="nav-number">0.2.</span> <span class="nav-text">下载</span></a></li></ol></li></ol></li><li class="nav-item nav-level-4"><a class="nav-link" href="#安装证书"><span class="nav-number"></span> <span class="nav-text">安装证书</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#文件说明："><span class="nav-number">1.</span> <span class="nav-text">文件说明：</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#1-证书文件214032814690541-pem，包含两段内容，请不要删除任何一段内容。"><span class="nav-number">2.</span> <span class="nav-text">1. 证书文件214032814690541.pem，包含两段内容，请不要删除任何一段内容。</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#2-如果是证书系统创建的CSR，还包含：证书私钥文件214032814690541-key。"><span class="nav-number">3.</span> <span class="nav-text">2. 如果是证书系统创建的CSR，还包含：证书私钥文件214032814690541.key。</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#1-在Nginx的安装目录下创建cert目录，并且将下载的全部文件拷贝到cert目录中。如果申请证书时是自己创建的CSR文件，请将对应的私钥文件放到cert目录下并且命名为214032814690541-key；"><span class="nav-number">4.</span> <span class="nav-text">( 1 ) 在Nginx的安装目录下创建cert目录，并且将下载的全部文件拷贝到cert目录中。如果申请证书时是自己创建的CSR文件，请将对应的私钥文件放到cert目录下并且命名为214032814690541.key；</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#2-打开-Nginx-安装目录下-conf-目录中的-nginx-conf-文件，找到："><span class="nav-number">5.</span> <span class="nav-text">( 2 ) 打开 Nginx 安装目录下 conf 目录中的 nginx.conf 文件，找到：</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#3-将其修改为-以下属性中ssl开头的属性与证书配置有直接关系，其它属性请结合自己的实际情况复制或调整"><span class="nav-number">6.</span> <span class="nav-text">( 3 ) 将其修改为 (以下属性中ssl开头的属性与证书配置有直接关系，其它属性请结合自己的实际情况复制或调整) :</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#4-重启-Nginx。"><span class="nav-number">7.</span> <span class="nav-text">( 4 )重启 Nginx。</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#5-通过-https-方式访问您的站点，测试站点证书的安装配置。如遇到证书不信任问题，请查看相关文档。"><span class="nav-number">8.</span> <span class="nav-text">( 5 ) 通过 https 方式访问您的站点，测试站点证书的安装配置。如遇到证书不信任问题，请查看相关文档。</span></a></li></ol></li><li class="nav-item nav-level-4"><a class="nav-link" href="#兼容-http-https"><span class="nav-number"></span> <span class="nav-text">兼容 http https</span></a></div>
            
          </div>
        </section>
      

    </div>
  </aside>


        
      </div>
    </main>

    <footer id="footer" class="footer">
      <div class="footer-inner">
        <div class="copyright" >
  
  &copy; 
  <span itemprop="copyrightYear">2017</span>
  <span class="with-love">
    <i class="fa fa-heart"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">Jhin</span>
</div>

<div class="powered-by">
  由 <a class="theme-link" href="/">Hexo</a> 强力驱动
</div>

<div class="theme-info">
  主题 -
  <a class="theme-link" href="/">
    NexT.Mist
  </a>
</div>

        

        
      </div>
    </footer>

    <div class="back-to-top">
      <i class="fa fa-arrow-up"></i>
    </div>
  </div>

  

<script type="text/javascript">
  if (Object.prototype.toString.call(window.Promise) !== '[object Function]') {
    window.Promise = null;
  }
</script>









  



  
  <script type="text/javascript" src="/vendors/jquery/index.js?v=2.1.3"></script>

  
  <script type="text/javascript" src="/vendors/fastclick/lib/fastclick.min.js?v=1.0.6"></script>

  
  <script type="text/javascript" src="/vendors/jquery_lazyload/jquery.lazyload.js?v=1.9.7"></script>

  
  <script type="text/javascript" src="/vendors/velocity/velocity.min.js?v=1.2.1"></script>

  
  <script type="text/javascript" src="/vendors/velocity/velocity.ui.min.js?v=1.2.1"></script>

  
  <script type="text/javascript" src="/vendors/fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script>


  


  <script type="text/javascript" src="/js/src/utils.js?v=5.0.2"></script>

  <script type="text/javascript" src="/js/src/motion.js?v=5.0.2"></script>



  
  

  
  <script type="text/javascript" src="/js/src/scrollspy.js?v=5.0.2"></script>
<script type="text/javascript" src="/js/src/post-details.js?v=5.0.2"></script>



  


  <script type="text/javascript" src="/js/src/bootstrap.js?v=5.0.2"></script>



  



  




  
  

  

  

  

  


</body>
</html>
